Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
Allow consultants to add any SCIM attribute to the SCIM gateway configuration
Allow consultants to add any SCIM attribute (core or extension) to the SCIM gateway configuration.
Scheduled execution of Test Connection on agents
An automated periodic execution of the Test Connection functionality on an agent for UNIFYMonitor to pick up and report on would give UNIFY early warning that a low level service problem exists.
[Bob's suggestion]
Hi Adrian,
This could be completed using the Scheduled Jobs feature of the UNIFYBroker logging engine. This gives access to the $components.AgentEngine component, which has a method void Test(Guid agentId) that could be used to execute tests. Alternatively you could call the REST API from a scheduled job to execute the task.
Gateway was unable to be started due to One or more errors occurred.
Hi,
We have seen across multiple Broker instances that the following error occurs for LDAP gateways:
"The gateway <gateway name> (guid) was unable to be started due to One or more errors occurred."
Unfortunately there doesn't seem to be much more information that what is provided in the log. Examination of the log file further with CMTrace doesn't reveal anymore information.
In one particular affected customer's case, I checked the Azure Provisioning service to see if there was any significant event that may have caused this, but could not find anything there either.
The workaround is to Recycle the gateway, but this currently relies on manual checking to see if it has occurred or not and this appears to be happening on a frequent basis. We would like to address the root cause issue if possible.
Is there additional logging levels that could be applied to find out what could be causing this?
Thanks,
Liam
Time Offset Flag not re-evaluated when current time passes source field timestamp
My customer is failing UAT of the solution configuration because Time Offset Flags are not automatically updating when the source field timestamp is passed. There have not been any Clear Entity Changes run in this environment for many months, and entity data fields have been updated recently as part of the customer's UAT testing processes.
Example: entity ID 70cb5e8e-8a8d-48f9-a123-911a836574f4 in partition 838b79fc-a31e-4b70-bcc8-e94550b3ff57 in ACCC TEST. PostEnd, based on EndUTC, is still "No" but it should be "Yes".
Could you please check entity ID e71b989c-1a01-4542-9334-8e69c12abb6c on that same partition, which is due to see PostEnd change from "No" to "Yes" in around 15 hours from now (8/22/2023 2:00:00 PM UTC). Please confirm that it is all fine (i.e., a future change exists in the database) and then after the timestamp is passed I'll check and verify if the PostEnd value has updated automatically as it should.
Changes are registered for the times that the contributing transformations dictate they need to be registered. In this case, there could have been a scenario under which a transformation has determined, based on current (or previous) configuration, that a change should be created for that time because at that time a date time offset flag or similar needed to be recalculated. It may have been from one of the time offset fields that has a value already and is known to recalculate at that time.
The original part of the ticket is as you suspect - where clearing pending changes will remove future dated changes, and they won't be recreated through a generate changes process (which is something we've improved for UNIFYBroker 6.0).
The feature (Register-Contribution) was added to handle a scenario where a PowerShell transformation is adding/modifying a field, which is used in a transformation that can calculate future-dated changes (such as the Time Offset Flag transformation). With a normal chain of transformations (powershell aside), each adapter tracks the chain of where its source came from. This is done so we can calculate whether or not a change is needed for an entity (for example, if field X from relational connector A is used through a chain of transformations and then to calculate a datetime offset, we need to know on import if field X has a value which would trigger a change in the future, so we can register that change in the database so it recalculates at the right time, rather than too early / late). This calculation process is called Change Detection in the Broker engine.
Traditionally, the PowerShell transformation had no way of letting the Broker engine know how entity fields were being used, so it had no way of being involved in the change detection process. This also means it broke downstream change detection - if a PowerShell transformation is outputting a field value which is then used in a Time Offset Flag transformation, the engine had no way of knowing the source field of that value to notify of future dated changes.
The Register-Contribution call allows you to register this linkage to let the engine know how to handle those scenarios. So as an example, you may have an EndDate schema field coming from the parent or relational connector. You take this EndDate field in, and use a PowerShell transformation to convert it to UTC time, placing it into an EndTimestampUTC field. That EndTimestampUTC field is then used to calculate the PostEnd field through a TimeOffsetFlag. You would use the Register-Contribution call on this field, to essentially tell the adapter that "the PostEnd field passes through this magical script and results in the EndTimestampUTC field, so if there's a change on the PostEnd field it can be used to calculate changes on the EndTimestampUTC field". The adapter can then use that linkage to know that a change on the PostEnd field which sets the date in the future can be used to calculate a change in the future based on the configuration for the TimeOffsetFlag transformation.
The configuration would look similar to this (screenshot from the linked ticket):
TL;DR:
The PowerShell transformation does not participate in the change detection process by default. This can be enabled by manually describing the fields which contribute in some way to other fields, either created by the transformation, or pre-existing.
To do this, call the Register-Contribution method in the Schema Script for each instance of one field contributing to another.
# 'fieldA' contributes to the resulting value in 'fieldB'
Register-Contribution("fieldB", "fieldA");
Manually registering field contribution isn't required in most cases and for all fields, and can normally be omitted from the schema script. The typical situations where contribution registration would be required involve a PowerShell transformation preceding a Time Offset Flag or Business Day Offset transformations, where the contribution chain of the the involved Timestamp or Date fields is required to correctly schedule future-dated changes.
Support for DateRelational.Compare.String and Relational adapter transform types
I have encountered a UNIFYBroker customer who has DateRelational.Compare.String and Relational adapter transform types configured (UNIFYBroker 5.1.0#2). I have been asked to upgrade them to the latest UNIFYBroker release. Can you please confirm:
1. Are these transform types still available in the latest UNIFYBroker release?
2. Has their functionality or features changed since the 5.1.0#2 release?
3. If they are available, what are they now called in the UNIFYBroker UI?
Hi Adrian,
The DateRelational.Compare.String and Relational are old names for the current Join transformation. This transformation was reworked back in UNIFYBroker 4.1, so it's likely this configuration was upgraded from an old 3.x or 4.x config up to 5.1.
The product still respects the old transformation names, although may not
Between 5.1 and 5.3 there's been no changes to the way that entity windows and selections function.
There was no changes to the join transformation functionality itself, however there was minor changes made to the overall transformation process in terms of how changes are aggregated and reported (as support for postgresql was added). I don't expect this would impact functionality as we've not had other customers report issues between the versions.
If you are migrating the configuration rather than re-creating, you may find the UI continues to report the transformations using the old name (as you see in the screenshot above). Otherwise a new transformation can be created using the Join transform.
Let me know if you've got any more questions or have issues with the upgrade.
PowerShell sync task can't connect to AD
Sometimes I see errors in my customer's production environment when the birthright group provisioning PowerShell task is unable to connect to AD. This is happening immediately after a successful connection to AD has provisioned the user account. There are two types of errors that are returned, as below:
UnifyLog20230517.csv:1629:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:00.1916629",Normal
UnifyLog20230518.csv:57203:Add entities [Count:3] to connector AD User reported 3 entities saved, 0 failed. Duration: 00:00:01.2855075",Normal
UnifyLog20230521.csv:219718:Add entities [Count:2] to connector AD User reported 2 entities saved, 0 failed. Duration: 00:01:00.0326068",Normal
UnifyLog20230521.csv:219982:20230521,15:41:05,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:220247:20230521,15:43:05,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:234120:Add entities [Count:2] to connector AD User reported 2 entities saved, 2 failed. Duration: 00:01:00.0287518",Normal
UnifyLog20230521.csv:234384:20230521,16:41:05,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:234683:20230521,16:43:05,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:248409:Add entities [Count:2] to connector AD User reported 2 entities saved, 2 failed. Duration: 00:01:00.0017363",Normal
UnifyLog20230521.csv:248672:20230521,17:41:06,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:248971:20230521,17:43:06,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:262577:Add entities [Count:2] to connector AD User reported 2 entities saved, 2 failed. Duration: 00:01:00.0161713",Normal
UnifyLog20230521.csv:262840:20230521,18:40:50,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:263093:20230521,18:42:50,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:276860:Add entities [Count:2] to connector AD User reported 2 entities saved, 2 failed. Duration: 00:01:00.0138167",Normal
UnifyLog20230521.csv:277241:20230521,19:40:52,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:277494:20230521,19:42:52,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:291308:Add entities [Count:2] to connector AD User reported 2 entities saved, 2 failed. Duration: 00:01:00.0170553",Normal
UnifyLog20230521.csv:291572:20230521,20:41:01,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:291845:20230521,20:43:01,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:305473:Add entities [Count:2] to connector AD User reported 2 entities saved, 2 failed. Duration: 00:01:00.0058264",Normal
UnifyLog20230521.csv:305736:20230521,21:40:51,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:305989:20230521,21:42:51,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:319874:Add entities [Count:2] to connector AD User reported 2 entities saved, 2 failed. Duration: 00:01:00.0170181",Normal
UnifyLog20230521.csv:320142:20230521,22:41:00,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:320398:20230521,22:43:00,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard
Users,OU=X,DC=local in AD: The operation returned because the timeout limit was exceeded.",Normal
UnifyLog20230521.csv:331465:Add entities [Count:2] to connector AD User reported 2 entities saved, 0 failed. Duration: 00:00:01.1680608",Normal
UnifyLog20230521.csv:331472:20230521,23:30:44,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aau,OU=Standard
Users,OU=X,DC=local in AD: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",Normal
UnifyLog20230521.csv:331477:20230521,23:30:47,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=jball,OU=Standard
Users,OU=X,DC=local in AD: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",Normal
UnifyLog20230523.csv:10338:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:01.0310308",Normal
UnifyLog20230523.csv:32001:Add entities [Count:3] to connector AD User reported 3 entities saved, 0 failed. Duration: 00:00:01.2325114",Normal
UnifyLog20230523.csv:32955:Add entities [Count:8] to connector AD User reported 8 entities saved, 0 failed. Duration: 00:00:02.0700229",Normal
UnifyLog20230523.csv:34211:Add entities [Count:4] to connector AD User reported 4 entities saved, 0 failed. Duration: 00:00:01.0275391",Normal
UnifyLog20230526.csv:12458:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:01.1577689",Normal
UnifyLog20230531.csv:11081:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:01.1605492",Normal
UnifyLog20230531.csv:11851:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:01.1728933",Normal
UnifyLog20230602.csv:2129:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:01.1171594",Normal
UnifyLog20230602.csv:2138:20230602,01:09:42,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=dtai2,OU=Standard
Users,OU=X,DC=local in AD: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",Normal
UnifyLog20230604.csv:21979:Add entities [Count:3] to connector AD User reported 3 entities saved, 0 failed. Duration: 00:00:01.5039543",Normal
UnifyLog20230605.csv:7281:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:01.1775722",Normal
UnifyLog20230605.csv:24280:Add entities [Count:2] to connector AD User reported 2 entities saved, 0 failed. Duration: 00:00:01.4059702",Normal
UnifyLog20230606.csv:18238:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:00.2258243",Normal
UnifyLog20230606.csv:20135:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:01.2077376",Normal
UnifyLog20230606.csv:20865:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:00.2686140",Normal
UnifyLog20230609.csv:11402:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:00.1731736",Normal
UnifyLog20230611.csv:21783:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:01.2460368",Normal
UnifyLog20230611.csv:21786:20230611,15:38:16,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=spoyn,OU=Standard
Users,OU=X,DC=local in AD: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",Normal
UnifyLog20230612.csv:24388:Add entities [Count:7] to connector AD User reported 7 entities saved, 0 failed. Duration: 00:00:01.7047121",Normal
UnifyLog20230612.csv:24410:20230612,15:40:07,UNIFYBroker,PowerShellTask,Error,"Birthright group assignment cannot be performed due to provision failure - error searching for user CN=aeasl,OU=Standard
Users,OU=X,DC=local in AD: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.",Normal
UnifyLog20230612.csv:24465:Add entities [Count:2] to connector AD User reported 2 entities saved, 0 failed. Duration: 00:00:00.1749234",Normal
UnifyLog20230613.csv:11991:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:00.2090408",Normal
UnifyLog20230613.csv:25059:Add entities [Count:2] to connector AD User reported 2 entities saved, 0 failed. Duration: 00:00:01.2958574",Normal
UnifyLog20230614.csv:17864:Add entities [Count:1] to connector AD User reported 1 entities saved, 0 failed. Duration: 00:00:00.1804325",Normal
UnifyLog20230614.csv:29130:Add entities [Count:2] to connector AD User reported 2 entities saved, 0 failed. Duration: 00:00:01.2327871",Normal
The birthright group provisioning is a critical event-driven call and it must succeed. Can you please investigate why it failed like this and see if there's some way to improve it's reliability?
Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation
This issue is occurring in my customer's PROD environment, despite me having implemented the workaround of one Aurion agent for each Aurion connector and that workaround appearing to have worked correctly in their TEST environment (where these errors have not be observed):
Update entities 11 to connector Aurion Security User reported 11 entities saved, 11 failed. Duration: 00:00:57.4310747",Normal
20230404,22:52:59,UNIFYBroker,EntitySaver,Error,The entity XXX (c71168bd-30e8-460e-832c-4e0983b47d6b) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal
20230404,22:52:59,UNIFYBroker,EntitySaver,Error,The entity XXX (8d7ab2cf-fb2a-41c4-9700-fbba79ca1722) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal
20230404,22:52:59,UNIFYBroker,EntitySaver,Error,The entity XXX (00a0802e-f57f-40e2-8667-7a9c5d7a7004) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal
20230404,22:52:59,UNIFYBroker,EntitySaver,Error,The entity XXX (800e7663-b6b8-4e36-849b-477c69fb21c0) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal
20230404,22:52:59,UNIFYBroker,EntitySaver,Error,The entity XXX (e55f8dbf-8d45-4f20-b561-08603923c0f0) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal
20230404,22:52:59,UNIFYBroker,EntitySaver,Error,The entity XXX (ee80f7e3-7b8b-4cf1-bf12-3e58713ee29b) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal
20230404,22:52:59,UNIFYBroker,EntitySaver,Error,The entity XXX (2435a9d0-263f-4c43-9e99-36ae99e239ae) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal
20230404,22:52:59,UNIFYBroker,EntitySaver,Error,The entity XXX (dcfa3e64-be3a-41c4-a19b-a28fcef61700) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal
20230404,22:52:59,UNIFYBroker,EntitySaver,Error,The entity XXX (c33745d2-dfd0-44f9-bbb9-456d2afdaac0) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal
20230404,22:52:59,UNIFYBroker,EntitySaver,Error,The entity XXX (a5805bac-7b60-4ed9-9bae-449b481c094b) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal
20230404,22:52:59,UNIFYBroker,EntitySaver,Error,The entity XXX (3d3b1f15-bc78-4415-9419-4c782f956976) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal
All Aurion connectors are part of an exclusion connector group.
Could you please investigate and advise?
UI error adding a Multivalue Group transform in UNIFYConnect
When I attempt to add a Multivalue Group transform in UNIFYConnect MWIDemo instance the following error appears:
This appears after selecting the connector (AD User).
Hi Adrian,
This view was changed in relation to this ticket: https://voice.unifysolutions.net/communities/6/topics/4293-multivalue-group-transform-to-a-target-entity-with-a-null-source-field-breaks-reflection
I suspect the base patch has been applied to this environment, but not the web patch. This was all rolled up with UNIFYBroker 5.3.4 release.
I've messaged David to let him know that the web files may need to be refreshed for some environments. In the meantime, you can locate the source for the IIS site and find the file at \Areas\Extensibility\Views\MultivalueGroupTransformation\CreateOrEdit.cshtml - removing lines 63 - 67 inclusive which should resolve it in the meantime.
Priority Selection is disabled for Relevant Sliding Date Window on Join transform
When the 'Relevant' Sliding Date Window option is chosen the option for Priority Selection is no longer offered. I need to use Relevant to select the best set of Aurion employee placements (i.e. current, else future, else past) but then within the selected set I need to be able to pick an acting position (ActualPlacementType=NONSUBS) in preference to any substantive positions (ActualPlacementType=SUBS). This is crucial for correctly determining the correct current position (and therefore org structure and manager) for a person.
Hi Adrian,
This isn't a bug, but an intentional design decision from when the transforms were re-worked back in Broker 4. I'm not sure on the reason for the design decision, but currently the entity selection for the 'relevant' and 'priority' portions of the join transformation share the same step, which means they're unable to be run together.
This is something we've reworked in the upcoming UNIFYBroker 6 version, to allow a priority selection no matter the window being executed.
If necessary, we can have a discussion about bringing this capability back to 5.3, but the discussion would need to consider the remaining lifetime on the 5.3 product and the reasonable amount of dev and test effort required to bring this feature to the version. We're also currently in the middle of putting this feature through its paces, so there may be some unknown edge cases which a rushed port may miss.
One InsufficientAccessRights error writing to AD results in thousands of lines of error messages in the UNIFYBroker log
When a write to AD fails with an InsufficientAccessRights error UNIFYBroker writes an error log entry for every user in the current update batch, which usually numbers in the thousands. This is unwieldy, and due to log write throughput limitation in UNIFYConnect environments this results in degraded service logging functionality for several minutes at a time, while the logs are being written and new log entries cannot be viewed.
The AD LDAP export exception could be escalated as a single entity update failure, rather than a failure of an entire batch of entities.
Customer support service by UserEcho
